PT-2025-7892 · X.Org+12 · X.Org+12

Published

2024-11-27

·

Updated

2025-11-11

·

CVE-2025-26594

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions X.Org and Xwayland (affected versions not specified)
Description A use-after-free flaw was found, where the root cursor is referenced as a global variable in the X server. If a client frees the root cursor, the internal reference points to freed memory, causing a use-after-free.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Use After Free

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025:2500
ALSA-2025:2502
ALSA-2025:7163
ALSA-2025:7165
ALT-PU-2025-12763
ALT-PU-2025-13709
AZL-57292
AZL-57359
AZL-57474
BDU:2025-04129
CESA-2025_2502
CVE-2025-26594
DLA-4072-1
DSA-5872-1
INFSA-2025_2500
INFSA-2025_2502
INFSA-2025_7163
INFSA-2025_7165
MGASA-2025-0086
OESA-2025-1429
OPENSUSE-SU-2025:14841-1
OPENSUSE-SU-2025:14842-1
OPENSUSE-SU-2025_0729-1
OPENSUSE-SU-2025_0730-1
OPENSUSE-SU-2025_0731-1
OPENSUSE-SU-2025_0732-1
RHSA-2025:2500
RHSA-2025:2502
RHSA-2025:2861
RHSA-2025:2862
RHSA-2025:2865
RHSA-2025:2866
RHSA-2025:2873
RHSA-2025:2874
RHSA-2025:2875
RHSA-2025:2879
RHSA-2025:2880
RHSA-2025:3976
RHSA-2025:7163
RHSA-2025:7165
RHSA-2025:7458
RHSA-2025_2500
RHSA-2025_2502
RHSA-2025_7163
RHSA-2025_7165
ROSA-SA-2025-2870
ROSA-SA-2025-2871
SUSE-SU-2025:0729-1
SUSE-SU-2025:0730-1
SUSE-SU-2025:0731-1
SUSE-SU-2025:0732-1
SUSE-SU-2025:0733-1
SUSE-SU-2025:0734-1
SUSE-SU-2025_0730-1
SUSE-SU-2025_0731-1
SUSE-SU-2025_0732-1
SUSE-SU-2025_0733-1
SUSE-SU-2025_0734-1
USN-7299-1
USN-7299-2
USN-7299-3
USN-7299-4
ZDI-25-143

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
X.Org
Xwayland